Windows Integration attempt #2

Douglas E. Engert deengert at anl.gov
Thu Feb 8 14:17:15 EST 2007



Quanah Gibson-Mount wrote:
> 
> --On Thursday, February 08, 2007 7:32 AM -0500 Sam Hartman 
> <hartmans at mit.edu> wrote:
> 
>>>>>>> "Quanah" == Quanah Gibson-Mount <quanah at stanford.edu> writes:
>>     Quanah> --On Wednesday, February 07, 2007 5:07 PM -0500 Sam
>>     Quanah> Hartman
>>     Quanah> <hartmans at mit.edu> wrote:
>>
>>     >> I would be suspicious of whether you had properly managed to
>>     >> set your machine password.
>>
>>     Quanah> Define "machine password".  You mean the password used
>>     Quanah> between the machine and the KDC for the keytab that was
>>     Quanah> created?  That bit is obviously working because when those
>>     Quanah> don't match, the KDC logs an error, which it isn't doing.
>>     Quanah> In any case, I had that particular password in my C&P
>>     Quanah> buffer, and simply pasted it in for both the KDC and the
>>     Quanah> Windows box, so it would be particularly difficult for it
>>     Quanah> to be a typo...
>>
>> If the salt types are inconsistent or something I could see the key
>> working to obtain tickets but not to decrypt them.
> 
> Hm, interesting.  Is there an easy way to diagnose that?

No, but Wireshark (formerly called Ethereal), which runs on Linux or
Windows, can show you a lot of the Kerberos packets. There is a lot of
unencrypted data in them, which includes the salt returned in the AS_REP
or KRB_ERROR message in response to a kinit using a password.

So if you know what password you used to create the keytab,
and the salt you used, you could double check that the same salt was
used in both.


> 
> --Quanah
> 
> 
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITS/Shared Application Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
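
The salt comparison suggested above, as an added example that is not part of the original post: it derives the salted PBKDF2 stage of the RFC 3962 AES string-to-key for the salt used when the keytab was made and for the salt read from the capture, and reports whether they agree. The realm, principal, password and the captured salt are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac


def default_salt(realm, principal):
    """RFC 4120 default salt: the realm followed by the principal's
    name components, concatenated with no separators."""
    return (realm + "".join(principal.split("/"))).encode("utf-8")


def pbkdf2_stage(password, salt, iterations=4096, keylen=32):
    """Salted step of the RFC 3962 AES string-to-key (PBKDF2-HMAC-SHA1).
    The final key is DK(output, "kerberos"); that step does not use the
    salt, so differing output here means differing final keys."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"),
                               salt, iterations, keylen)


def check_salt(password, keytab_salt, wire_salt):
    """Compare the salt used for the keytab with the salt seen on the wire
    and show whether the same password still yields the same key material."""
    k_keytab = pbkdf2_stage(password, keytab_salt)
    k_wire = pbkdf2_stage(password, wire_salt)
    return {
        "salt_match": keytab_salt == wire_salt,
        "key_match": hmac.compare_digest(k_keytab, k_wire),
        "keytab_key": k_keytab.hex(),
        "wire_key": k_wire.hex(),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    password = "pasted-machine-password"
    keytab_salt = default_salt("EXAMPLE.COM", "host/winbox.example.com")
    # Salt as copied by hand from the capture (constructed; the case of
    # the hostname differs from the one used for the keytab).
    wire_salt = b"EXAMPLE.COMhostWINBOX.example.com"

    result = check_salt(password, keytab_salt, wire_salt)
    print("keytab salt:", keytab_salt.decode())
    print("wire salt:  ", wire_salt.decode())
    print("salts match:", result["salt_match"])
    print("keys match: ", result["key_match"])
```

An identical password with a different salt gives unrelated key material, so a typo-free paste does not rule out a key mismatch.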